PR/21819: Jeremy Reed: znew and gzexe create/use unsafe tmp files. Replaced

with the FreeBSD current version.

gnu/usr.bin/gzip/gzexe

@@ -11,6 +11,9 @@
 # WARNING: the first line of this file must be either : or #!/bin/sh
 # The : is required for some old versions of csh.
 # On Ultrix, /bin/sh is too buggy, change the first line to: #!/bin/sh5
+#
+# FreeBSD: src/gnu/usr.bin/gzip/gzexe,v 1.8 2000/11/19 13:10:11 kris Exp 
+# $NetBSD: gzexe,v 1.3 2003/07/05 02:34:28 christos Exp $
 
 x=`basename $0`
 if test $# = 0; then
@@ -20,7 +23,7 @@ if test $# = 0; then
   exit 1
 fi
 
-tmp=gz$$
+tmp=`/usr/bin/mktemp -t gz` || exit 1
 trap "rm -f $tmp; exit 1" 1 2 3 5 10 13 15
 
 decomp=0
@@ -31,12 +34,14 @@ if test "x$1" = "x-d"; then
   shift
 fi
 
-echo hi > zfoo1$$
-echo hi > zfoo2$$
-if test -z "`(${CPMOD-cpmod} zfoo1$$ zfoo2$$) 2>&1`"; then
+zfoo1=`/usr/bin/mktemp -t zfoo1` || exit 1
+zfoo2=`/usr/bin/mktemp -t zfoo2` || exit 1
+echo hi > $zfoo1
+echo hi > $zfoo2
+if test -z "`(${CPMOD-cpmod} $zfoo1 $zfoo2) 2>&1`"; then
   cpmod=${CPMOD-cpmod}
 fi
-rm -f zfoo[12]$$
+rm -f $zfoo1 $zfoo2
 
 tail=""
 IFS="${IFS= 	}"; saveifs="$IFS"; IFS="${IFS}:"
@@ -74,7 +79,7 @@ for i do
     continue
   fi
   case "`basename $i`" in
-  gzip | tail | chmod | ln | sleep | rm)
+  sh | gzip | tail | chmod | ln | sleep | rm | mktemp)
 	echo "${x}: $i would depend on itself"; continue ;;
   esac
   if test -z "$cpmod"; then
@@ -89,21 +94,25 @@ for i do
   if test $decomp -eq 0; then
     sed 1q $0 > $tmp
     sed "s|^if tail|if $tail|" >> $tmp <<'EOF'
-skip=18
-if tail +$skip $0 | gzip -cd > /tmp/gztmp$$; then
-  chmod 700 /tmp/gztmp$$
+skip=22
+gztmp=`/usr/bin/mktemp -t gztmp` || exit 1
+if tail +$skip $0 | gzip -cd > $gztmp; then
+  chmod 700 $gztmp
   prog="`echo $0 | sed 's|^.*/||'`"
-  if /bin/ln /tmp/gztmp$$ "/tmp/$prog" 2>/dev/null; then
-    trap '/bin/rm -f /tmp/gztmp$$ "/tmp/$prog"; exit $res' 0
-    (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$ "/tmp/$prog") 2>/dev/null &
+  progtmp=`/usr/bin/mktemp -t ${prog}` || exit 1
+  if /bin/ln $gztmp $progtmp 2>/dev/null; then
+    trap '/bin/rm -f $gztmp $progtmp; exit $res' 0
+    (/bin/sleep 5; /bin/rm -f $gztmp $progtmp) 2>/dev/null &
     /tmp/"$prog" ${1+"$@"}; res=$?
   else
-    trap '/bin/rm -f /tmp/gztmp$$; exit $res' 0
-    (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$) 2>/dev/null &
-    /tmp/gztmp$$ ${1+"$@"}; res=$?
+    trap '/bin/rm -f $progtmp $gztmp exit $res' 0
+    (/bin/sleep 5; /bin/rm -f $progtmp $gztmp) 2>/dev/null &
+    $gztmp ${1+"$@"}; res=$?
   fi
 else
-  echo Cannot decompress $0; exit 1
+  echo Cannot decompress $0
+  rm -f $gztmp
+  exit 1
 fi; exit $res
 EOF
     gzip -cv9 "$i" >> $tmp || {

gnu/usr.bin/gzip/znew

@@ -1,6 +1,8 @@
 #!/bin/sh
+#
+# FreeBSD: src/gnu/usr.bin/gzip/znew,v 1.6 2002/01/25 15:02:01 nectar Exp 
+# $NetBSD: znew,v 1.4 2003/07/05 02:34:28 christos Exp $
 
-PATH="/usr/bin:$PATH"; export PATH
 check=0
 pipe=0
 opt=
@@ -13,24 +15,28 @@ block=1024
 # block is the disk block size (best guess, need not be exact)
 
 warn="(does not preserve modes and timestamp)"
-tmp=/tmp/zfoo.$$
-echo hi > $tmp.1
-echo hi > $tmp.2
-if test -z "`(${CPMOD-cpmod} $tmp.1 $tmp.2) 2>&1`"; then
+tmp=`mktemp -d -t znew`
+if test -z "$tmp"; then
+  echo znew: could not create temporary directory
+  exit 1
+fi
+echo hi > $tmp/1
+echo hi > $tmp/2
+if test -z "`(${CPMOD-cpmod} $tmp/1 $tmp/2) 2>&1`"; then
   cpmod=${CPMOD-cpmod}
   warn=""
 fi
 
-if test -z "$cpmod" && ${TOUCH-touch} -r $tmp.1 $tmp.2 2>/dev/null; then
+if test -z "$cpmod" && ${TOUCH-touch} -r $tmp/1 $tmp/2 2>/dev/null; then
   cpmod="${TOUCH-touch}"
   cpmodarg="-r"
   warn="(does not preserve file modes)"
 fi
 
 # check if GZIP env. variable uses -S or --suffix
-gzip -q $tmp.1
-ext=`echo $tmp.1* | sed "s|$tmp.1||"`
-rm -f $tmp.[12]*
+gzip -q $tmp/1
+ext=`echo $tmp/1* | sed "s|$tmp/1||"`
+rm -rf $tmp
 if test -z "$ext"; then
   echo znew: error determining gzip extension
   exit 1